From 172e46d371f8c80658cd657d9900633e056dac03 Mon Sep 17 00:00:00 2001
From: mhnoyes <mhnoyes@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 18 Dec 2003 22:40:30 +0000
Subject: [PATCH] Content moved to OPENVPN.xml

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@891 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-docs/OPENVPN.html | 232 ------------------------------------
 1 file changed, 232 deletions(-)
 delete mode 100755 Shorewall-docs/OPENVPN.html

diff --git a/Shorewall-docs/OPENVPN.html b/Shorewall-docs/OPENVPN.html
deleted file mode 100755
index fdf39157b..000000000
--- a/Shorewall-docs/OPENVPN.html
+++ /dev/null
@@ -1,232 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <meta http-equiv="Content-Type"
- content="text/html; charset=windows-1252">
-  <title>OpenVPN Tunnels</title>
-  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
-  <meta name="ProgId" content="FrontPage.Editor.Document">
-</head>
-<body>
-<h1 style="text-align: center;">OpenVPN Tunnels<br>
-</h1>
-<p>OpenVPN is a robust and highly configurable VPN (Virtual Private
-Network) daemon which can be used to securely link two or more private
-networks using an encrypted tunnel over the internet. OpenVPN is an
-Open Source project and is <a
- href="http://openvpn.sourceforge.net/license.html">licensed under the
-GPL</a>. OpenVPN can be downloaded from <a
- href="http://openvpn.sourceforge.net/">http://openvpn.sourceforge.net/</a>.<br>
-</p>
-<p>OpenVPN support was added to Shorewall in version 1.3.14.<br>
-</p>
-<h2>Bridging two Masqueraded Networks</h2>
-<p>Suppose that we have the following situation:</p>
-<p align="center"><img border="0" src="images/TwoNets1.png" width="745"
- height="427"> </p>
-<p align="left">We want systems in the 192.168.1.0/24 subnetwork to be
-able to communicate with the systems in the 10.0.0.0/8 network. This is
-accomplished through use of the /etc/shorewall/tunnels file and the
-/etc/shorewall/policy file and OpenVPN.</p>
-<p align="left">While it was possible to use the Shorewall start and
-stop script to start and stop OpenVPN, I decided to use the init script
-of OpenVPN to start and stop it.</p>
-<p align="left">On each firewall, you will need to declare a zone to
-represent the remote subnet. We'll assume that this zone is called
-'vpn' and declare it in /etc/shorewall/zones on both systems as follows.</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><strong>ZONE</strong></td>
-        <td><strong>DISPLAY</strong></td>
-        <td><strong>COMMENTS</strong></td>
-      </tr>
-      <tr>
-        <td>vpn</td>
-        <td>VPN</td>
-        <td>Remote Subnet</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p align="left">On system A, the 10.0.0.0/8 will comprise the <b>vpn</b>
-zone.
-In /etc/shorewall/interfaces:</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>ZONE</b></td>
-        <td><b>INTERFACE</b></td>
-        <td><b>BROADCAST</b></td>
-        <td><b>OPTIONS</b></td>
-      </tr>
-      <tr>
-        <td>vpn</td>
-        <td>tun0</td>
-        <td><br>
-        </td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p align="left">In /etc/shorewall/tunnels on system A, we need the
-following:</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>TYPE</b></td>
-        <td><b>ZONE</b></td>
-        <td><b>GATEWAY</b></td>
-        <td><b>GATEWAY ZONE</b></td>
-      </tr>
-      <tr>
-        <td>openvpn</td>
-        <td>net</td>
-        <td>134.28.54.2</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>This entry in /etc/shorewall/tunnels opens the firewall so that
-OpenVPN traffic on the default port 5000/udp will be accepted to/from
-the remote gateway. If you change the port used by OpenVPN to 7777, you
-can define&nbsp;/etc/shorewall/tunnels like this:<br>
-</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>TYPE</b></td>
-        <td><b>ZONE</b></td>
-        <td><b>GATEWAY</b></td>
-        <td><b>GATEWAY ZONE</b></td>
-      </tr>
-      <tr>
-        <td>openvpn:7777</td>
-        <td>net</td>
-        <td>134.28.54.2</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>This is the OpenVPN config on system A:</p>
-<blockquote>
-  <p></p>
-</blockquote>
-<blockquote>
-  <p>dev tun<br>
-local 206.162.148.9<br>
-remote 134.28.54.2<br>
-ifconfig 192.168.99.1 192.168.99.2<br>
-up ./route-a.up<br>
-tls-server<br>
-dh dh1024.pem<br>
-ca ca.crt<br>
-cert my-a.crt<br>
-key my-a.key<br>
-comp-lzo<br>
-verb 5<br>
-  </p>
-</blockquote>
-<p>Similarly, On system B the 192.168.1.0/24 subnet will comprise the <b>vpn</b>
-zone. In /etc/shorewall/interfaces:</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>ZONE</b></td>
-        <td><b>INTERFACE</b></td>
-        <td><b>BROADCAST</b></td>
-        <td><b>OPTIONS</b></td>
-      </tr>
-      <tr>
-        <td>vpn</td>
-        <td>tun0</td>
-        <td>192.168.1.255</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>In /etc/shorewall/tunnels on system B, we have:</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>TYPE</b></td>
-        <td><b>ZONE</b></td>
-        <td><b>GATEWAY</b></td>
-        <td><b>GATEWAY ZONE</b></td>
-      </tr>
-      <tr>
-        <td>openvpn</td>
-        <td>net</td>
-        <td>206.191.148.9</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>And in the&nbsp;OpenVPN config on system B:</p>
-<blockquote>
-  <p>dev tun<br>
-local 134.28.54.2<br>
-remote 206.162.148.9<br>
-ifconfig 192.168.99.2 192.168.99.1<br>
-up ./route-b.up<br>
-tls-client<br>
-ca ca.crt<br>
-cert my-b.crt<br>
-key my-b.key<br>
-comp-lzo<br>
-verb 5<br>
-  </p>
-</blockquote>
-<p align="left">You will need to allow traffic between the "vpn" zone
-and the "loc" zone on both systems -- if you simply want to admit all
-traffic in both directions, you can use the policy file:</p>
-<blockquote>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><strong>SOURCE</strong></td>
-        <td><strong>DEST</strong></td>
-        <td><strong>POLICY</strong></td>
-        <td><strong>LOG LEVEL</strong></td>
-      </tr>
-      <tr>
-        <td>loc</td>
-        <td>vpn</td>
-        <td>ACCEPT</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>vpn</td>
-        <td>loc</td>
-        <td>ACCEPT</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>On both systems, restart Shorewall and start OpenVPN. The systems in
-the two masqueraded subnetworks can now talk to each other.</p>
-<p><font size="2">Updated 2/4/2003 - <a href="support.htm">Tom Eastep</a></font>
-<small>and Simon Mater</small><br>
-</p>
-<p><font size="2"> </font></p>
-<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-© <font size="2">2003 Thomas M. Eastep. and Simon Mater<br>
-</font></a></font></p>
-<br>
-<br>
-<br>
-<br>
-</body>
-</html>